So, while I was testing in my development environment, I had a weird thought: what if the user has not changed the password because the account is newly created?

Why am I concerned? The reason is that one can never set “Password never expires” if “User must change password at next logon” is set! If you insist on setting “Password never expires”, the other option will be unchecked (not set). <The screenshot below shows what happens if you try to do it the GUI way>

Impact

What could be the possible impact if I were to run the DS command?

This is what will happen – Examples:

After running the command, user accounts in AD will change as follows:

Account A, which does not have “User must change password at next logon” set, will have “Password never expires” set (checked).

For account B, which has “User must change password at next logon” set, that setting will be cleared and “Password never expires” will be set (checked).

End-User experience

Account A logs on to the machine as usual.

Account B logs on to the machine and starts using the account without being prompted to change the password upon next logon.
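One way to catch the account B case before the change is made, shown as an added example that is not part of the original post: it classifies accounts by `pwdLastSet` (a value of 0 is how AD stores “User must change password at next logon”) and only plans the change for accounts that would not lose that flag. The function name `Get-NeverExpirePlan`, the sample accounts and the OU are assumptions made for illustration.

```powershell
# Added example: plan a "Password never expires" rollout without silently
# clearing "User must change password at next logon" (pwdLastSet = 0).
function Get-NeverExpirePlan {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # pwdLastSet = 0 means the user still has to change the initial password.
        $mustChange = ($User.pwdLastSet -eq 0)
        $action = if ($mustChange) {
            'Skip'       # account B: would keep its initial password forever
        } elseif ($User.PasswordNeverExpires) {
            'NoChange'   # already set, nothing to do
        } else {
            'Set'        # account A: safe to change
        }
        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            MustChangeAtLogon = $mustChange
            NeverExpires      = [bool]$User.PasswordNeverExpires
            Action            = $action
        }
    }
}

# Constructed sample objects standing in for the post's accounts A and B.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'AccountA'; pwdLastSet = 133500000000000000; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'AccountB'; pwdLastSet = 0; PasswordNeverExpires = $false }
)
$sample | Get-NeverExpirePlan | Format-Table -AutoSize

# Against a real directory (needs the ActiveDirectory module; the OU is a placeholder).
# -WhatIf only reports what would change; remove it to apply.
# $ou = 'OU=Example,DC=example,DC=com'
# Get-ADUser -SearchBase $ou -Filter * -Properties pwdLastSet, PasswordNeverExpires |
#     Get-NeverExpirePlan | Where-Object Action -eq 'Set' |
#     ForEach-Object { Set-ADUser -Identity $_.SamAccountName -PasswordNeverExpires $true -WhatIf }
```

Accounts reported as `Skip` are the ones still holding their initial password, so they are worth following up separately instead of including them in the bulk change.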

After a period of time… when we need to revert the setting using the command: